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(54) Method for maintaining information consistency between multiple authentication servers of 
a radio network 



(57) A network of radio devices (1 03a, 1 03b, 1 03c, 
1 03d and 1 03e) is managed by carrying out a radio de- 
vice registration at a registering authentication server 
(101, 102a, 102b) when it is possible to communicate 
with all the authentication servers (101, 102a, 102b), 
distributing registration information to the authentication 
servers (101,1 02a, 1 02b), managing the registration in- 



formation at each one of the authentication servers 
(101, 102a, 102b), carrying out a radio device deletion 
at a deleting authentication server (101, 102a, 102b), 
distributing deletion information to the authentication 
servers (101,1 02a, 1 02b), and deleting the radio device 
from the registration information according to the dele- 
tion information at each one of the authentication serv- 
ers (101, 102a, 102b). 
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Description 

[0001] The present invention relates to a radio net- 
work system, a radio network management method, and 
a radio network management program executable on a 5 
computer, and more particularly, to a technique to be 
used for managing devices in a radio network system in 
which communications are protected by authentication 
or encryption. 

[0002] In recent years, in conjunction with the ad- 10 
vance of the LAN (Local Area Network) technique, the 
networking in the office environment has been devel- 
oped mainly in forms of connections among PCs (Per- 
sonal Computers). While such wired LANs are spread- 
ing, the use of the wireless LAN in which a part of the 15 
wired LAN is replaced by radio is also in progress. For 
example, a radio base station is connected to the wired 
LAN and a plurality of portable PCs are connected to 
this base station by radio. When a file of a desk-top PC 
connected to the wired LAN by Ethernet is edited from 20 
the portable PC, the radio access to the wired LAN is 
realized. Also, when portions of the base station and the 
portable PC are extracted, these portions form a wire- 
less LAN. The advantages of such a wireless LAN are 
that there is no need to lay cables because radio waves 25 
or infrared rays are used as transmission paths, and that 
a new construction or a layout change of the network is 
easy. 

[0003] The introduction of such a wireless LAN is be- 
coming popular due to the standardization of IEEE 30 
802.1 1 . In IEEE 802.1 1 , the 2.4 GHz band wireless LAN 
specification was completed in 1997, and the 5 GHz 
band wireless LAN specification was completed in 1 999. 
The transmission rate of the 2.4 GHz band wireless LAN 
specification is either 1 to 2 Mbps or 11 Mbps, and the 35 
specification with the transmission rate over 20 Mbps is 
currently under the discussion. Recently, products com- 
patible with this 2.4 GHz band specification have been 
released by many companies so that the base station 
and the radio PC card are now priced in an affordable 40 
range of general users. On the other hand, the 5 GHz 
band wireless LAN specification can realize the trans- 
mission rate of 20 to 30 Mbps. Also, unlike the 2.4 GHz 
band, 5 GHz band is currently almost unused frequency 
band in which fastertransmission rates can be expected 45 
easily, so that it has a prospect of becoming the next 
generation wireless LAN specification. With the appear- 
ance of some venture company that plans to sell one 
chip at $35 in 2001 , 5 GHz band is now becoming fa- 
miliar. 50 
[0004] In addition, there is a trend to install the Blue- 
tooth on all kinds of devices in a variety of fields including 
those of portable telephones, home electronics and 
PCs. This Bluetooth is also a 2.4 GHz band radio sys- 
tem, and it is expected to spread worldwide due to its 55 
low cost of about $5 for one chip, its wide acceptance 
by approximately 2000 companies in a variety of fields, 
and its standardization activity that has been made in 



2 

direct connection with the product developments. 
[0005] From the circumstances described above, as 
radio devices are spread, the range of application of 
these techniques is expected to cover not just the office 
environment but also the general homes as well. In par- 
ticular, the fact that there is no need to lay cables in the 
home is even greater advantage than the case of the 
office environment. 

[0006] However, despite of the fact that the operation 
by radio is easy, its feature that it does not use an explicit 
connection such as that used in the case of the cable 
connection or the like tends to give rise to the problem 
of security and privacy. There is a possibility for having 
the radio device controlled from outside the home with- 
out consent, or a possibility for having the personal in- 
formation stolen or destroyed. The Internet connection 
is now shifting from a part time basis to a full time basis, 
but when it becomes popular to keep the power of the 
PC having a radio network interface constantly on as a 
result, there is also a possibility for allowing an intrusion 
into the PC via the radio network interface by evading 
the firewall. 

[0007] Also, the general home users are likely to ex- 
perience some vague anxiety because of the circum- 
stances in which the hone users can learn some knowl- 
edge about the presence of threats related to the secu- 
rity such as eavesdropping and pretending, through 
news related to the computer virus from the PC industry 
or TV programs. Under the business environment, it is 
relatively easy to take measures against these threats 
by hiring a specialist, and it is possible to implement the 
IPSEC or firewall and continually updating such soft- 
ware. However, under the home environment, it is ex- 
pected to be rather difficult for many users to take such 
measures in general. 

[0008] In order to enable the users to use the network 
of radio devices in the home without anxiety, there are 
attempts to use a method for distributing secret informa- 
tion to be used for the authentication from an authenti- 
cation server installed in the home. However, if a radio 
device that received the secret information once is al- 
lowed to use the same secret information indefinitely, 
the user cannot hand over the radio device to someone 
else or discard the radio device without anxiety. Also, 
when one radio device is stolen, there is a possibility for 
having all the radio communications in the home eaves- 
dropped by using the secret information maintained by 
that device. 

[0009] When the communications within the network 
are to be protected by the above described method, it 
is presupposed that there is only one authentication 
server. However, when there is only one authentication 
server, there arises a problem that all the information 
regarding the radio devices can be lost when this au- 
thentication server fails. It is possible to prevent the in- 
formation from being lost even when one authentication 
serverfails if two or more authentication servers are pro- 
vided and the information regarding the radio devices is 
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shared among them. However, in the radio communica- 
tions, there are many cases where the communications 
become temporarily impossible due to various condi- 
tions, so that it is not necessarily always possible to syn- 
chronize the information among the authentication serv- 
ers. For this reason, it is difficult to guarantee that the 
information is always the same among the authentica- 
tion servers. 

[001 0] It is therefore an object of the present invention 
to provide a radio network system, a radio network man- 
agement method, and a radio network management 
program capable of maintaining the consistency in the 
information of devices existing in the network and im- 
proving the reliability and the safety of communications 
within the network even in the case of using a plurality 
of authentication servers in the network. 
[001 1 ] According to one aspect of the present inven- 
tion there is provided a method for managing a network 
of radio devices using at least one authentication server, 
the method comprising: carrying out a registration of a 
first radio device at an authentication server related to 
the registration of the first radio device when it is possi- 
ble to communicate with all other authentication servers 
related to the network; distributing registration informa- 
tion of the first radio device to the authentication servers 
related to the network; managing registration informa- 
tion of the radio devices at each one of the authentica- 
tion servers related to the network; carrying out a dele- 
tion of a second radio device at an authentication server 
related to the deletion of the registration of the second 
radio device; distributing deletion information of the sec- 
ond radio device to the authentication servers related to 
the network; and deleting the second radio device from 
the registration information of the radio devices accord- 
ingto the deletion information of thesecond radio device 
at each one of the authentication servers related to the 
network. 

[001 2] According to another aspect of the present in- 
vention there is provided a method for managing a net- 
work of radio devices using at least one authentication 
server, the method comprising: requesting connections 
from a registration target authentication server which is 
an authentication server for carrying out a registration 
of a new radio device, to other authentication servers 
related to the network; establishing a synchronization of 
information regarding the registration of the radio devic- 
es related to the network, from the registration target 
authentication server to the other authentication servers 
when responses to requests from all the other authen- 
tication servers are received; acquiring registration in- 
formation which is information of the new radio device 
related to the registration at the registration target au- 
thentication server; transmitting the registration infor- 
mation from the registration target authentication server 
to the other authentication servers; judging whether all 
the other authentication servers have received the reg- 
istration information at the registration target authenti- 
cation server; notifying registration completion from the 



registration target authentication server to all the other 
authentication servers according to judgement at the 
judging step; and registering the registration information 
of the new radio device related to the registration at the 
5 registration target authentication server and the other 
authentication servers. 

[0013] According to another aspect of the present in- 
vention there is provided a method for managing a net- 
work of radio devices using at least one authentication 

10 server, the method comprising: deleting information of 
a first radio device to be deleted from registration infor- 
mation of the radio devices at a deletion accepting au- 
thentication server which is an authentication serverthat 
acquired deletion information for deleting the informa- 

15 tion of the first radio device from the network; transmit- 
ting the deletion information from the deletion accepting 
authentication server to other authentication servers re- 
lated to the network; sending a response from a deletion 
information receiving authentication server which is one 

20 of the other authentication servers that received the de- 
letion information, to the deletion accepting authentica- 
tion server; deleting the information of the first radio de- 
vice from the registration information of the radio devic- 
es according to the deletion information, at the deletion 

25 information receiving authentication server; generating 
a list of deletion information non-receiving authentica- 
tion servers which are authentication servers that failed 
to respond, and re-transmitting the deletion information 
to the deletion information non-receiving authentication 

30 servers, at the deletion accepting authentication server; 
and deleting the information of the first radio device from 
the registration information of the radio devices at each 
deletion information non-receiving authentication serv- 
er. 

35 [0014] According to another aspect of the present in- 
vention there is provided an authentication server de- 
vice for managing a network of radio devices, compris- 
ing: a communication unit configured to carry out com- 
munications with authentication servers related to the 

40 network; a radio device information storing unit config- 
ured to store information of radio devices connected to 
the network; a radio device information registration unit 
configured to carry out a registration of information re- 
garding a radio device to be connected to the network 

45 with respect to the radio device information storing unit 
when it is possible to carry out communications with all 
the authentication servers; a radio device information 
registration information delivery unit configured to deliv- 
er information regarding the registration of a radio de- 

50 vice to the authentication servers by using the commu- 
nication unit; a deletion unit configured to delete the in- 
formation of a radio device from the radio device infor- 
mation storing unit when a deletion of a radio device is 
to be carried out; and a radio device deletion information 

55 delivery unit configured to distribute information regard- 
ing the deletion of a radio device to the authentication 
servers by using the communication unit. 
[0015] According to another aspect of the present in- 
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vention there is provided a computer program product 
for causing computers that manage a network of radio 
devices, to carry out processings including: requesting 
connections from a registration target authentication 
server which is an authentication server for carrying out 
a registration of a new radio device, to other authenti- 
cation servers related to the network; establishing a syn- 
chronization of information regarding the registration of 
the radio devices related to the network, from the regis- 
tration target authentication server to the other authen- 
tication servers when responses to requests from all the 
other authentication servers are received; acquiring reg- 
istration information which is information of the new ra- 
dio device related to the registration at the registration 
target authentication server; transmitting the registra- 
tion information from the registration target authentica- 
tion server to the other authentication servers; judging 
whether all the other authentication servers have re- 
ceived the registration information at the registration tar- 
get authentication server; notifying registration comple- 
tion from the registration target authentication server to 
all the other authentication servers according to judge- 
ment at the judging step; and registering the registration 
information of the new radio device related to the regis- 
tration at the registration target authentication server 
and the other authentication servers. 
[001 6] According to another aspect of the present in- 
vention there is provided a computer program product 
for causing computers that manage a network of radio 
devices, to carry out processings including: deleting in- 
formation of a first radio device to be deleted from reg- 
istration information of the radio devices at a deletion 
accepting authentication server which is an authentica- 
tion server that acquired deletion information for delet- 
ing the information of the first radio device from the net- 
work; transmitting the deletion information from the de- 
letion accepting authentication server to other authenti- 
cation servers related to the network; sending a re- 
sponse from a deletion information receiving authenti- 
cation server which is one of the other authentication 
servers that received the deletion information, to the de- 
letion accepting authentication server; deleting the in- 
formation of the first radio device from the registration 
information of the radio devices according to the dele- 
tion information, at the deletion information receiving au- 
thentication server; generating a list of deletion informa- 
tion non-receiving authentication servers which are au- 
thentication servers that failed to respond, and re-trans- 
mitting the deletion information to the deletion informa- 
tion non-receiving authentication servers, at the deletion 
accepting authentication server; and deleting the infor- 
mation of the first radio device from the registration in- 
formation of the radio devices at each deletion informa- 
tion non-receiving authentication server. 
[0017] The present invention can be implemented ei- 
ther in hardware or on software in a general purpose 
computer. Further the present invention can be imple- 
mented in a combination of hardware and software. The 



present invention can also be implemented by a single 
processing apparatus or a distributed network of 
processing apparatuses. 

[0018] Since the present invention can be implement- 
5 ed by software, the present invention encompasses 
computer code provided to a general purpose computer 
on any suitable carrier medium. The carrier medium can 
comprise any storage medium such as a floppy disk, a 
CD ROM, a magnetic device or a programmable mem- 
10 ory device, or any transient medium such as any signal 
e.g. an electrical, optical or microwave signal. 
[0019] Other features and advantages of the present 
invention will become apparent from the following de- 
scription taken in conjunction with the accompanying 
*5 drawings. 

[0020] Fig. 1 is a schematic diagram showing an ex- 
emplary configuration of a network according to one em- 
bodiment of the present invention. 
[0021] Fig. 2 is a block diagram showing a configura- 
te tion of an authentication server according to one em- 
bodiment of the present invention. 
[0022] Fig. 3 is a sequence chart showing a procedure 
for adding a back-up authentication server in one em- 
bodiment of the present invention. 
25 [0023] Fig. 4 is a diagram showing a state transition 
of authentication servers in cases of carrying out a reg- 
istration and a deletion of a radio device in one embod- 
iment of the present invention. 

[0024] Figs. 5A and 5B are a flow chart for operations 
30 of authentication servers at a time of registering a radio 
device in one embodiment of the present invention. 
[0025] Figs. 6A and 6B are a flow chart for operations 
of authentication servers at a time of deleting a radio 
device in one embodiment of the present invention. 
35 [0026] Fig. 7 is a flow chart for operations of authen- 
tication servers for synchronizing radio device registra- 
tion information at a time of registering a radio device in 
one embodiment of the present invention. 
[0027] Fig. 8 is a flow chart for operations of authen- 
40 tication servers for synchronizing radio device registra- 
tion information at a time of registering a radio device 
with a plurality of other authentication servers in one em- 
bodiment of the present invention. 
[0028] Fig. 9 is a perspective view of an authentication 
45 server device according to one embodiment of the 
present invention. 

[0029] Referring now to Fig. 1 to Fig. 9, one embodi- 
ment of a radio network system, a radio network man- 
agement method, and a radio network management 
50 program according to the present invention will be de- 
scribed in detail. 

[0030] Fig. 1 illustrates the server authentication 
method using the radio network system of this embodi- 
ment. As shown in Fig. 1, in this embodiment, the au- 
55 thentication servers in the radio network system include 
a primary authentication server 1 01 and two back-up au- 
thentication servers 102a and 102b. There are also a 
plurality of radio devices 103a to 103e. 



25 



30 



35 



40 



45 



50 



4 



7 



EP 1 298 952 A2 



8 



[0031] In terms of the hardware configuration, each 
authentication server can be an authentication server 
having functions described below, which can be provid- 
ed in a form of an ordinary computer equipped with a 
CPU for carrying out various processings, an input de- 
vice such as keyboard, mouse, light pen or flexible disk 
device, an external memory device such as memory de- 
vice or disk device, and an output device such as a dis- 
play device or a printer device, for example. This com- 
puter system may be the so called general purpose 
computer, the workstation, or the personal computer, 
but it is not limited to these, and it is also possible to 
provide a dedicated system having the above functions. 
The processings to be described below can be realized 
by installing a software having programs for the 
processings to be described below into this computer 
system and executing that software. 
[0032] The authentication server of this embodiment 
also has a unit for carrying out communications with the 
radio devices or the other authentication servers. This 
unit can be provided in a form of a radio PC card or a 
wireless LAN card. It is also possible to use the Blue- 
tooth. Also, a network used in this embodiment is a net- 
work to which devices such as computers can be con- 
nected, which can be provided in a form of a LAN (Local 
Area Network) to be used inside the office or the home 
in particular. 

[0033] Here, the primary authentication server 101 
and the back-up authentication servers 102 will be de- 
scribed. The authentication server that is set up on that 
network by the user first will be referred to as the "pri- 
mary authentication server". In the case where the user 
sets up only one server, this one server is the primary 
authentication server. The second and subsequent au- 
thentication servers that are set up by the user will be 
referred to as the "back-up authentication servers". A 
plurality of authentication servers including the primary 
authentication server 101 and the back-up authentica- 
tion servers 102 are set up on the same network, and 
the communications among the radio devices are en- 
crypted by using the common key that is distributed by 
these authentication servers. 

[0034] Next, a server key will be described. The pri- 
mary authentication server 101 generates a key to be 
used for encrypting communications among the authen- 
tication servers including the primary authentication 
server and the back-up authentication servers. In this 
embodiment, this key is referred to as a server key. The 
generated server key is distributed from the primary au- 
thentication server 101 to the back-up authentication 
servers 1 02 (as indicated by chain lines in Fig. 1 ). In this 
way, all the authentication servers within the same net- 
work will use the same server key. 
[0035] Next, an identifier of the authentication server 
will be described. The authentication server of this em- 
bodiment has an identifier that is unique within the net- 
work. For example, it can be an identifier that is unique 
among all the authentication servers. More specifically, 



the identifier can be given at a time of manufacturing as 
a set of the manufacturing company name, the product 
name, and the product serial number. Each authentica- 
tion server has a region for storing the identifiers of all 

5 the other authentication servers existing in the same 
network. In this embodiment, a region for storing the 
identifiers of the other authentication servers will be re- 
ferred to as an authentication server list. Because this 
authentication server list for storing the authentication 

10 server identifiers is provided, the authentication server 
can comprehend what other authentication servers are 
existing in that network 

[0036] Next, the generation of the common key at the 
authentication server will be described. The primary au- 

15 thentication server 1 01 generates a "seed" for generat- 
ing the common key. This generated seed is distributed 
to the back-up authentication servers (as indicated by 
chain lines in Fig. 1), and each authentication server 
generates the common key by using this seed. The gen- 

20 eration of the seed is preferably carried out regularly, 
such that the security can be improved further by appro- 
priately updating the seed. Note that the "seed" is dis- 
tributed in an encrypted form by using the above de- 
scribed "server key" in order to encrypt the communica- 

25 tions. 

[0037] Next, the distribution of the common key by the 
authentication servers will be described. In this embod- 
iment, in the case where the user sets up two or more 
authentication servers, the distribution of the common 

30 key is carried out by all the authentication servers (as 
indicated by dashed lines in Fig. 1). The radio device at 
which the update of the common key is necessary may 
be enabled (allowed) to receive the distribution of the 
key from any authentication server. When this radio de- 

35 vice carries out communications with the other radio de- 
vice by using the common key, even if the correspond- 
ent radio device has received the distribution of the key 
from another authentication server, the values of the 
common key at the two radio device will coincide be- 

40 cause the authentication servers on the same network 
must generate the same common key as described 
above. 

[0038] Because the distribution of the common key 
can be done at a plurality of the authentication servers, 

45 it becomes possible to carry out the distribution of the 
common key more smoothly when the number of the 
authentication servers is increased. That is, a zone with- 
in which radio communications are possible is limited 
for a single authentication server, so that when it is de- 

50 sired to use the radio device outside of that zone, there 
is a need for the user to explicitly move the authentica- 
tion server or the radio device so as to receive the up- 
date of the common key at the radio device. If this is 
forgotten, the common key distributed to the radio de- 

55 vice will not be updated and there is a possibility for the 
valid period of the common key to expire. However, 
when an authentication server is additionally set up with- 
in a zone at which the radio communication with that 
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radio device is possible, it becomes possible for this ra- 
dio device to receive the update of the common key in 
its usual state of use. 

[0039] The authentication servers existing in the 
same network carry out the generation of the common 5 
key by using the same seed generated by the primary 
authentication server and distribute that common key to 
the radio devices 1 03 at a prescribed timing (as indicat- 
ed by dashed lines in Fig. 1). By this distribution of the 
common key, the radio devices 1 03 can carry out the 10 
authentication and the cipher communications by using 
that common key (as indicated by thin solid lines in Fig. 
1)- 

[0040] Also, an unregistered radio device 104 to 
which the common key has not distributed yet does not 15 
possess the common key so that even if information en- 
crypted by using the common key is acquired, it is im- 
possible to decrypt that information. In this way, the se- 
curity within the network can be improved (enforced). 
Here, it cannot be denied that there is a possibility for 20 
the unregistered radio device 104 to acquire that com- 
mon key. There are cases where the radio device 1 04 
acquires the common key for some reason, and in such 
cases it becomes possible for the radio device 104 to 
carry out communications within that network. In view 25 
of such cases, it is preferable to regularly change that 
common key. In this case, there is a need to change the 
common key simultaneously at all the registered radio 
devices 103. 

[0041] Here, the distribution can be done by using the 30 
same method (algorithm) for carrying outthe generation 
of the common key at all the authentication servers. To 
this end, the distribution of the common key is carried 
out by establishing synchronization among the authen- 
tication servers. As a method for carrying out the distri- 35 
bution by establishing the synchronization, the timing of 
the key generation can be synchronized by using the 
built-in timer of the authentication server. This can be 
done by using the built-in timer of the primary authenti- 
cation server 1 01 , for example, or the built-in timers of 40 
each of the authentication servers can be set in advance 
and the distribution of the common key is carried out at 
a prescribed timing. In this case, the average value 
among the authentication servers can be used as the 
time within the network. 45 
[0042] In this way, the common key generated at the 
same timing by some authentication server in the same 
network becomes the same key as that generated by 
any other authentication server, so that it becomes pos- 
sible for the radio devices to carry out the cipher com- 50 
munications while updating that common key at a pre- 
scribed period. 

[0043] Next, the communications between the au- 
thentication server and the radio device will be de- 
scribed. In the case where it is desired to separate some 55 
radio device from the network, it suffices to interrupt the 
update of the secret information with respect to that ra- 
dio device. However, in orderto make it possible to sep- 



arate a specific device in this way, there is a need to 
register information for identifying each individual radio 
device at the authentication servers. Also, in order to 
encrypt the communication at time of distributing the 
common keys, another piece of secret information may 
be given individually to each radio device, such that the 
secret information is shared between the authentication 
server and only one radio device. In the following, the 
former secret information which is to be regularly updat- 
ed will be referred to as a "common key", while the latter 
secret information will be referred to as a "master key". 
[0044] Fig. 2 shows a configuration of the authentica- 
tion server in this embodiment. In this authentication 
server, a memory device 201 has a region 202 for stor- 
ing the above described server key, a region 203 for 
storing a seed for generating the server key or the com- 
mon key, a region 204 for storing the authentication 
server identifier list, a region 205 for storing the regis- 
tered radio device information, a region 206 for tempo- 
rarily storing newly registered radio device information 
to be used by the radio device registration procedure to 
be described below, and a region 207 for storing a non- 
transmitted deletion information which is information re- 
garding device deletion that is not yet transmitted. This 
region 207 for storing the non-transmitted deletion infor- 
mation contains a region 208 for storing a radio device 
deletion information and a region 209 for storing the 
non-transmitted authentication server list. 
[0045] A random number generation unit 210 gener- 
ates a random number. This random number generation 
unit 21 0 is used not only for the purpose of generating 
the seed of the server key or common key generation 
when this authentication server operates as the primary 
authentication server, but also for the purpose of gener- 
ating various keys at a time of carrying out the radio de- 
vice registration. 

[0046] The seed of the common key generation is 
generated by a common key generation unit 21 1 , and a 
timing of the key generation may be controlled by a built- 
in timer 21 2 of the authentication server. The time infor- 
mation from the timer 21 2 is also used for various time- 
out judgements as well as for the determination of tim- 
ings for regular attempts at a time of the device deletion 
to be described below. 

[0047] A control unit 213 controls an encryption 
processing unit 214 and a radio transmission/reception 
unit 21 5 according to various information from the above 
described elements of the authentication server, and 
carries out communications with the other authentica- 
tion servers and the radio devices while encrypting the 
communications according to the need. 
[0048] The encryption processing unit 214 encrypts 
data for which a communication request is made from 
the control unit 21 3. The encryption processing unit 214 
also receives the encrypted data transmitted from out- 
side of this authentication server and decrypt them. The 
decrypted data are stored at a prescribed position in the 
memory device 201 . This encryption processing unit 



6 



11 



EP 1 298 952 A2 



12 



214 encrypts data to be transmitted by using the server 
key stored in the memory device 201 , and decrypts re- 
ceived data by using this server key. 
[0049] The radio transmission/reception unit 215 
transmits data encrypted at the encryption processing 
unit 21 4 by radio. Also, the radio transmission/reception 
unit 215 receives encrypted data transmitted from out- 
side of this authentication server and give these data to 
the encryption processing unit 21 4. Note that, in this em- 
bodiment, the communications among the servers are 
realized in forms of the radio communications by the ra- 
dio transmission/reception unit 215, but the present in- 
vention is not limited to this case, and the communica- 
tions among the servers may be realized in forms of 
wired communications using Ethernet cables or the like. 
[0050] Fig. 3 shows a procedure forthe authentication 
server registration in this embodiment. Here, the regis- 
tration of the authentication server will be described. 
When the user sets up the primary authentication serv- 
er, no other authentication server exists on the same 
network yet, so that only the generation of the server 
key and the "seed" is carried out as the registration op- 
eration. When the user newly sets up a back-up authen- 
tication server, the registration operation forthe new au- 
thentication server with respect to the existing authen- 
tication server is carried out. Here, the existing authen- 
tication server with respect to which the user carries out 
the registration operation can be either the primary au- 
thentication server or another back-up authentication 
server. Here, the authentication server for registering 
the new authentication server will be referred to as a 
registration target authentication server. Note that this 
registration target authentication server can be either 
the primary authentication server or a back-up authen- 
tication server as mentioned above. 
[0051] First, this registration target authentication 
server 320 notifies the registration of the new authenti- 
cation server 31 0 to the other authentication server 330. 
The operation to be carried out by the user in this reg- 
istration operation is the operation on the screen to in- 
dicate that the user intends to register a new back-up 
server to the registration target authentication server. It 
is also possible to carry out the authentication operation 
necessary in establishing the reliable relationship be- 
tween the registration target authentication server 320 
and the new authentication server 31 0, This authentica- 
tion operation includes the input of a PIN code, for ex- 
ample (step S321). The new authentication server 310 
responds to requests from the registration target au- 
thentication server 320, provides the authentication in- 
formation or the like, and establishes the communica- 
tion path (step S311). Here, the communication path 
should preferably be encrypted. 

[0052] When the registration operation is carried out, 
the registration target authentication server transfers 
the server key to the new authentication server 310 
(step S322). Then, the new authentication server 310 
receives the server key, and stores that server key (step 



S312). Next, the new authentication server 310 trans- 
mits its own identifier to the registration target authenti- 
cation server 320 (step S313). The registration target 
authentication server 320 receives that authentication 

5 server identifier from the new authentication server 31 0 
(step S323), and transmits that new authentication serv- 
er identifier to the other authentication server 330 exist- 
ing in the network (step S324). Here, the transmission 
is made by applying the encryption using the server key. 

10 The other authentication server 330 receives the iden- 
tifier of the new authentication server 31 0, and adds that 
identifier to the authentication server list. In this way, all 
the authentication servers have the latest information 
regarding what other authentication servers are existing 

15 in the network. 

[0053] Next, the registration target authentication 
server 320 transmits the authentication server list to the 
new authentication server 31 0. The new authentication 
server 310 receives the authentication server list, and 

20 stores and maintains that authentication server list in a 
prescribed position (step S31 4). In this embodiment, the 
identifier of the new authentication server 31 0 is trans- 
mitted from the registration target authentication server 
320 to the other authentication server 330, but the 

25 present invention is not limited to this case, and it is also 
possible to create a list of all the authentication servers 
existing in the network including the new authentication 
server first, and then transfer this list to all the other au- 
thentication servers, for example. It is also possible to 

30 directly transmit the identifier from the new authentica- 
tion server 31 0 to all the authentication servers connect- 
ed to that network. 

[0054] Fig. 4 shows state transitions of the authenti- 
cation servers in conjunction with the registration and 

35 the deletion of the radio device. Fig. 4 shows transitions 
between a state where the radio device registration in- 
formation is synchronized among a plurality of authen- 
tication servers and a state where the radio device reg- 
istration information is not synchronized among a plu- 

40 rality of authentication servers, rather than states of a 
single authentication server. In Fig. 4, solid lines indicate 
state transitions in which the synchronization of the ra- 
dio device registration information is complete among 
the authentication servers, and chain lines indicate state 

45 transitions in which the synchronization of the radio de- 
vice registration information may be incomplete among 
the authentication servers. The operation to newly reg- 
ister or delete ae radio device may be carried out by any 
authentication server, i.e., either one of the primary au- 

50 thentication server and the back-up authentication serv- 
er. 

[0055] When the radio device registration or deletion 
is carried out, the registration information is changed, 
so that there is a need to take care to avoid loss of in- 
55 formation in such a way that the consistency of the reg- 
istered contents among the authentication servers can- 
not be recovered. This embodiment uses a procedure 
in which the registered contents coincide at a timing of 
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the radio device registration. On the other hand, at a 
time of the radio device deletion, there can possibly be 
cases where it is desired to delete that radio device as 
quickly as possible because that radio device has been 
stolen, the quick execution of the device deletion is giv- 
en a higher priority over the guarantee of the consisten- 
cy. To compensate for that, it is made such that the con- 
sistency will be recovered by the time of the next radio 
device registration. 

[0056] Supposethatthe authentication server is in the 
waiting state (synchronized) on the right side of Fig. 4. 
Here, when there is a registration request from some 
radio device, this authentication server receives that 
registration request and executes the registration pro- 
cedure. First, the communication path with the other au- 
thentication server is established, the synchronization 
of the radio device registration information is estab- 
lished with the other authentication server, and then the 
registration of the radio device is carried out. After the 
registration, it returns to the waiting state. 
[0057] Next, when there is a deletion request from 
some radio device, this authentication server accepts 
the deletion request from the radio device, and transfers 
that information to the other authentication servers. Af- 
ter accepting the deletion , there can be cases where the 
radio device registration information becomes different 
from the other authentication servers, so that the syn- 
chronization of the radio device registration information 
can be regarded as incomplete among the authentica- 
tion servers in that sense. Consequently, the subse- 
quent transitions are indicated by chain lines. After 
transferring the radio device deletion information, it be- 
comes a waiting state (non-synchronized). Here, the 
non-synchronized meansthatthe synchronization of the 
radio device registration information among the authen- 
tication servers may possibility be incomplete. 
[0058] Here, the authentication server to which this 
deletion request was made and the other authentication 
server that received the deletion information carry out 
the transfer of the deletion information to the other serv- 
ers. It is preferable to retry this transfer regularly. The 
authentication server in this waiting state (non-synchro- 
nized) will remain in the non-synchronized state until the 
next registration request is made and the synchroniza- 
tion of the radio device information is established. In the 
following, the radio device registration and deletion will 
be described in further detail. 

[0059] Figs. 5A and 5B show the radio device regis- 
tration procedure by the authentication servers in this 
embodiment. Here, the operations of a registering radio 
device 510, a registration target authentication server 
520 that accepts this registration, and other authentica- 
tion servers 530 will be described. 
[0060] First, the registration target authentication 
server 520 checks that there is no other registration op- 
eration in progress (step S521). When another registra- 
tion operation is in progress, this fact should have been 
notified to each authentication server by a procedure to 



be described below, so it is checked whether there was 
such a notification or not. If another registration opera- 
tion is in progress, this fact will be notified to the user 
and the new registration operation will not be started. 

5 [0061] When there is no other registration operation 
in progress, the registration target authentication server 
520 attempts to start communications with all the other 
authentication servers existing in the network, and re- 
quests responses (step S522). After waiting for a time- 

10 out of several seconds, if there is at least one authenti- 
cation server from which a response is not received or 
with which a communication cannot be carried out nor- 
mally, the registration failure is notified to the user and 
the registration operation is interrupted. Also, when a 

15 problem in the communication with the other authenti- 
cation server is detected in a process of the following 
registration procedure and it cannot be recovered in 
short time, the registration failure is notified to the user 
and the registration operation is interrupted. 

20 [0062] The other authentication server 530 that re- 
ceived the connection request transmits a response 
(step S531). When the response is received, the regis- 
tration target authentication server 520 carries out the 
notification of the registration start to the other authen- 

25 tication server 530 next (step S523), and the other au- 
thentication server 530 receives the registration start 
notice (step S532). Next, the synchronization of the ra- 
dio device registration information among the servers is 
established (step S524). This can be realized by estab- 

30 lishing the synchronization of the radio device deletion 
information, for example. The radio device deletion pro- 
cedure will be described below. 

[0063] When this synchronization operation is com- 
pleted, all the authentication servers have the radio de- 

35 vice registration information of the same content. When 
the synchronization of the radio device registration in- 
formation fails, the registration is interrupted and the 
registration failure is notified to the user (step S529). 
[0064] Next, the registration target authentication 

40 server 520 executes a series of procedures for carrying 
out the radio device registration with respect to the reg- 
istering radio device 510, such as authentication proce- 
dure, generation and transmission of a master key 
unique to the device, transmission of the common key, 

45 and acquisition of information regarding the radio device 
(step S525). Here, the same procedure as in the case 
where there is only a single authentication server can 
be used. The radio device 510 that received various 
keys and the registration information maintains this in- 

50 formation (step S511). 

[0065] Next, the master key generated here and the 
information regarding the radio device acquired here are 
transmitted to all the other authentication servers 530 
by encrypting them by using the server key (step S526). 

55 The other authentication server 530 that has received 
these informations records them into a temporary mem- 
ory region and transmits a response to the registration 
target authentication server 520 (step S534). 
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[0066] Next, the registration target authentication 
server 520 judges whether responses are received from 
all the authentication servers or not (step S527). If the 
responses are received from all the authentication serv- 
ers, a registration complete notice is transmitted to all 
the other authentication servers (step S528). On the oth- 
er hand, if there is no response from at least one of the 
other authentication servers 530 even after a prescribed 
period of time T-| has elapsed, the registration is inter- 
rupted and the registration failure is notified to the user 
(step S529). 

[0067] After storing the registration information tem- 
porarily, the other authentication servers 530 are set in 
a state for waiting the registration complete notice from 
the registration target authentication server 520 (step 
S535). When the registration complete notice is re- 
ceived, the other authentication server 530 adds the 
registration information stored in the above described 
temporary memory region to the information of the other 
registered radio devices (step S537). However, if the 
registration complete notice is not received before a pre- 
scribed period of time T 2 (T 2 ^ T 1 in general) since the 
registration start notice, the registration operation is re- 
garded as interrupted, and the information stored in the 
temporary memory region is discarded (step S536). Af- 
terthe registration complete notice is transmitted or after 
the registration operation is interrupted by the time-out, 
any authentication server can newly start the radio de- 
vice registration. 

[0068] Figs. 6A and 6B shows the radio device dele- 
tion procedure by the authentication servers in this em- 
bodiment. Here, the operations of a deletion accepting 
authentication server 610 that accepts the deletion of 
the radio device, another authentication server 620 that 
is possible to communicate with it at a time of accepting 
the deletion, and an other authentication server 630 that 
is impossible to communicate with it at a time of accept- 
ing the deletion will be described. 
[0069] When the user carries out an operation to start 
the radio device deletion at some authentication server, 
the authentication server accepts the command for the 
deletion, and transfers the information regarding the de- 
letion to all the other authentication servers that are pos- 
sible to communicate with it (step S611). Here, the in- 
formation regarding the deletion may include an identi- 
fier for identifying the radio device for which the deletion 
is commanded, or a secret key that can be used for the 
same role as the identifier. The authentication server 
that received the information regarding the deletion (de- 
letion information) executes the deletion of that radio de- 
vice (step S621). 

[0070] Next, the other authentication server 620 that 
is possible to communicate at a time of the deletion 
transmits a response indicating that the deletion infor- 
mation is accepted (step S622), and the deletion accept- 
ing authentication server 610 receives the response 
(step S61 2). Then, the deletion accepting authentication 
server 610 judges whether there is any authentication 



server from which there is no response or not (step 
S613). For this judgement, the authentication server 
that failed to respond can be identified by comparing the 
authentication servers that responded with a list of all 

5 the authentication servers existing in the network, for 
example. When there is more than one authentication 
servers that failed to respond, a list of identifiers of these 
authentication servers is formed and it is transferred to 
the authentication servers that are possible to commu- 

10 nicate currently, along with the information regarding the 
deletion (step S614). 

[0071] The other authentication server 620 that is 
possible to communicate at a time of the deletion re- 
ceives the list of the authentication servers that failed to 

15 respond (step S623), and regularly makes an attempt 
to notify the information regarding the deletion to each 
authentication server on that list until it succeeds (step 
S624). This list of authentication servers that failed to 
respond may be provided in a form of a list of identifiers 

20 of the servers, for example. When there is an authenti- 
cation server which becomes possible to start commu- 
nicating in a process of this attempt, that authentication 
server receives the deletion information and executes 
the deletion (step S632), and then makes a response 

25 indicating the deletion. The other authentication server 
620 that is possible to communicate at a time of the de- 
letion receives that response (step S625). 
[0072] This transfer of the list of the authentication 
servers that failed to respond is carried out regularly. As 

30 for the authentication server from which the response is 
received, the identifier of that authentication server is 
deleted from the list of identifiers sequentially, and if the 
list of identifiers becomes empty as the responses are 
received from all the authentication servers, the deletion 

35 information associated with that list is also deleted from 
the memory region (step S626). On the other hand, the 
deletion accepting authentication server 610 also regu- 
larly transmits the deletion information as described 
above (step S615), and when there is a response from 

40 the other authentication server 630 that is impossible to 
communicate at a time of the deletion (step S61 6), the 
server that responded is deleted from the list of servers 
that failed to respond (step S61 7). Then, the synchroni- 
zation of the radio device registration information will be 

45 established at a time of the next device registration 
(steps S635, S627 and S618). 

[0073] Note that, the authentication server that re- 
ceives the information in this procedure has a possibility 
of receiving the same information from a plurality of au- 

50 thentication servers in overlap, but an authentication 
server that receives the information for commanding the 
deletion of a radio device that does not exist in its list of 
registered radio devices will just transmit a response to 
the source authentication server without carrying outthe 

55 deletion operation. In this way, the information regarding 
the deletion that is received for the second or subse- 
quent time in overlap can be ignored. 
[0074] Fig. 7 shows the operation of the authentica- 
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tion servers for synchronizing the radio device registra- 
tion information at a time of registering the radio device 
in this embodiment. Here, the information on the radio 
device deletion can be used as the radio device regis- 
tration information described above. In this embodi- 5 
ment, the case of synchronizing the radio device regis- 
tration information by using the information on the radio 
device deletion will be described. 
[0075] When another radio device registration proce- 
dure is started before the notification of the information 10 
regarding the deletion is completed, the notification of 
the information regarding the deletion is carried out. 
Here, the operations of a registration target authentica- 
tion server 720 of a new radio device, an authentication 
server 730 to which the deletion information is not noti- 15 
fied yet, and an other authentication server 710 will be 
described. 

[0076] First, the registration target authentication 
server checks that it is possible to communicate with all 
the authentication servers (steps S71 1 , S721 and S731 ) 20 
and requests each authentication server to transmit the 
information regarding the deletion for which the notifica- 
tion is not yet completed (step S722), and the other au- 
thentication server 710 receives this request (step 
S71 2). If the other server has such information, the de- 25 
vice deletion information and the target server list are 
transmitted (step S713). The registration target authen- 
tication server 720 receives them (step S723), adds 
them to any such information it has, and transfers them 
to the authentication servers to which these informa- 30 
tions should betransmitted (step S724). The registration 
target authentication server 720 has already checked 
that it is possible to communication with all the authen- 
tication servers, so that it expects to receive the re- 
sponses. 35 
[0077] The registration target authentication server 
720 of the new radio device transmits the deletion infor- 
mation to the authentication server 730 to which the de- 
letion information is not notified yet (step S724). When 
this deletion information is received, the deletion from 40 
the radio device list is executed (step S732), and after 
the deletion is finished, the deletion complete notice is 
transmitted to the authentication server that originally 
had the information regarding the deletion (step S733). 
When this response is received (step S725), the regis- 45 
tration target authentication server 720 of the new radio 
device notifies the deletion completion (step S726), and 
the other authentication server 710 receives that dele- 
tion complete notice (step S71 4). By this, the notification 
of the information regarding the deletion that originated 50 
from that authentication server is completed, and the 
next registration procedure is executed (step S727). On 
the other hand, if the response is not received at this 
point, the radio device registration procedure is inter- 
rupted (step S728). 55 
[0078] Fig. 8 shows the operation of the authentica- 
tion servers for synchronizing the information regarding 
the radio device deletion at a time of registering the radio 
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device, in the case involving a plurality of other authen- 
tication servers. In Fig. 8, the procedure (A) indicates 
the procedure (A) shown in Fig. 7, which is a series of 
procedures containing the steps S712, S713, S714, 
S722, S723, S724, S725, S726, S732, and S733). As 
shown in Fig. 8, when there are a plurality of other au- 
thentication servers I, II and III, the processing of the 
procedure (A) is carried out for the other authentication 
server I first, then the processing of the procedure (A) 
is carried out for the other authentication server II, and 
finally the processing of the procedure (A) is carried out 
for the other authentication server III. In this way, even 
when there are a plurality of other authentication serv- 
ers, the processing can be carried out. Note that the oth- 
er authentication servers I, II and III may include the reg- 
istration target authentication server. It is also possible 
to receive all the informations from the other authenti- 
cation servers, combine their contents, and then carry 
out the procedure (A) only once. 
[0079] As described, the information regarding the ra- 
dio device deletion can be shared among the authenti- 
cation servers quickly. Also, it is possible for all the au- 
thentication servers to have the identical information re- 
garding the radio devices at a time of newly accepting 
the radio device registration. 

[0080] Fig. 9 shows an exemplary configuration of an 
authentication server device according to this embodi- 
ment. This authentication server device 900 has a cas- 
ing 910 equipped with the CPU and the like described 
above, and a display device 911 , a keyboard 912 and a 
mouse 913 that are connected to this casing 91 0. In this 
authentication server device 900, the casing 910 also 
has a FD (Floppy Disk) drive 981 for reading a FD 983 
and a CD (Compact Disk) drive 982 for reading a CD 
984. Here, the drive 982 may be a DVD (Digital Versatile 
Disk) drive for reading a DVD 984. Also, the authentica- 
tion server device 900 has an externally attached drive 
987 for reading an external memory device 985 or atape 
986 such as DAT or the like. 

[0081] Various types of computer readable recording 
media including these FD 983, CD 984, the external 
memory device 985, and the tape 986 can record and 
maintain programs described above. The recorded pro- 
grams are installed into the authentication server device 
900 through these various media. In this way, the au- 
thentication server device 900 can be realized by exe- 
cuting these radio network programs. Note that a radio 
communication device 990 is used forthe radio network. 
Also, for the purpose of communications with the other 
authentication servers, the authentication server device 
900 is connected to a hub device 970 through a cable 
971 such as that of the Ethernet or the like, so as to be 
connected with the other authentication server devices. 
[0082] The radio network management method de- 
scribed above can be implemented as computer pro- 
grams which can be recorded in various types of record- 
ing media described above. The user can realize the ra- 
dio network management method by installing the com- 
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puter programs implementing the radio network man- 
agement method into a computer by using these record- 
ing media. 

[0083] As described above, this embodiment uses a 
procedure in which the registration contents of the au- 
thentication servers coincide at a time of the radio de- 
vice registration. More specifically, at a time of the reg- 
istration, the communication paths to all the authentica- 
tion servers in the network are secured, whether the ra- 
dio device registration information is distributed to all the 
authentication servers or not is judged, and the regis- 
tration is interrupted if there is any authentication server 
that failed to respond. On the other hand, at a time of 
the radio device deletion, the quick execution of the de- 
vice deletion is given a higher priority than the guarantee 
of the consistency, in view of the fact that there can be 
cases where it is preferable to delete the radio device 
as quickly as possible, as in the case of the unexpected 
situation such as stealing of the radio device, for exam- 
ple. Then, the consistency is recovered before the next 
radio device registration. 

[0084] In this way, according to the radio network 
management method of this embodiment, when a plu- 
rality of authentication servers are set up in the same 
network, the information regarding the radio device reg- 
istration can be shared among these authentication 
servers by the method that can maintain the consisten- 
cy. Consequently, it becomes possible to improve the 
reliability of the network compared with the case where 
it is only possible to set up a single authentication server. 
Thus, even in the case of using a plurality of authenti- 
cation servers in the network, it is possible to maintain 
the consistency in the information of devices existing in 
the network and improve the reliability and the safety of 
the communications within the network. 
[0085] It is also to be noted that, besides those al- 
ready mentioned above, many modifications and varia- 
tions of the above embodiments may be made without 
departing from the novel and advantageous features of 
the present invention. Accordingly, all such modifica- 
tions and variations are intended to be included within 
the scope of the appended claims. 



Claims 

1 . A method for managing a network of radio devices 
using at least one authentication server, the method 
comprising: 



managing registration information of the radio 
devices at each one of the authentication serv- 
ers related to the network; 
carrying out a deletion of a second radio device 
5 at an authentication server related to the dele- 

tion of the registration of the second radio de- 
vice; 

distributing deletion information of the second 
radio device to the authentication servers relat- 

10 ed to the network; and 

deleting the second radio device from the reg- 
istration information of the radio devices ac- 
cording to the deletion information of the sec- 
ond radio device at each one of the authentica- 

15 tion servers related to the network. 

2. A method for managing a network of radio devices 
using at least one authentication server, the method 
comprising: 

20 

requesting connections from a registration tar- 
get authentication server which is an authenti- 
cation server for carrying out a registration of a 
new radio device, to other authentication serv- 
es ers related to the network; 

establishing a synchronization of information 
regarding the registration of the radio devices 
related to the network, from the registration tar- 
get authentication server to the other authenti- 
30 cation servers when responses to requests 

from all the other authentication servers are re- 
ceived; 

acquiring registration information which is infor- 
mation of the new radio device related to the 
35 registration at the registration target authenti- 

cation server; 

transmitting the registration information from 
the registration target authentication server to 
the other authentication servers; 
40 judging whether all the other authentication 

servers have received the registration informa- 
tion at the registration target authentication 
server; 

notifying registration completion from the reg- 
45 istration target authentication server to all the 

other authentication servers according to 
judgement at the judging step; and 
registering the registration information of the 
new radio device related to the registration at 
50 the registration target authentication server 

and the other authentication servers. 

3. The method of claim 2, wherein the registration tar- 
get authentication server for carrying out the regis- 
tration of the new radio device judges whether or 
not there is any radio device registration in progress 
in the network at a moment before requesting con- 
nections to the other authentication servers related 



carrying out a registration of a first radio device 
at an authentication server related to the regis- 
tration of the first radio device when it is possi- 
bleto communicate with all other authentication 
servers related to the network; 55 
distributing registration information of the first 
radio device to the authentication servers relat- 
ed to the network: 
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to the network, and 

the registration target authentication server 
interrupts a processing for the registration when 
there is a radio device registration in progress in the 
network at the moment. 5 

A method for managing a network of radio devices 
using at least one authentication server, the method 
comprising: 



deleting information of a first radio device to be 
deleted from registration information of the ra- 
dio devices at a deletion accepting authentica- 
tion server which is an authentication server 
that acquired deletion information for deleting 
the information of the first radio device from the 
network; 

transmitting the deletion information from the 
deletion accepting authentication server to oth- 
er authentication servers related to the net- 
work; 

sending a response from a deletion information 
receiving authentication server which is one of 
the other authentication servers that received 
the deletion information, to the deletion accept- 
ing authentication server; 
deleting the information of the first radio device 
from the registration information of the radio de- 
vices according to the deletion information, at 
the deletion information receiving authentica- 
tion server; 

generating a list of deletion information non-re- 
ceiving authentication servers which are au- 
thentication servers that failed to respond, and 
re-transmitting the deletion information to the 
deletion information non-receiving authentica- 
tion servers, at the deletion accepting authen- 
tication server; and 

deleting the information of the first radio device 
from the registration information of the radio de- 
vices at each deletion information non-receiv- 
ing authentication server. 

5. The method of claim 4, wherein when the response 
is received from one deletion information non-re- 
ceiving authentication server after re-transmitting 
the deletion information to the deletion information 
non-receiving authentication servers, said one de- 
letion information non-receiving authentication 
server is deleted from the list of the deletion infor- 
mation non-receiving authentication servers. 

6. The method of claim 4, further comprising: 

sending the list of the deletion information non- 
receiving authentication servers from the dele- 
tion accepting authentication server to the de- 
letion information receiving servers; 
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re-transmitting the deletion information to the 
deletion information non-receiving authentica- 
tion servers according to the list of the deletion 
information non-receiving authentication serv- 
ers, at the deletion information receiving au- 
thentication servers; and 
deleting the information of the first radio device 
from the registration information of the radio de- 
vices at each deletion information non-receiv- 
ing authentication server which received the 
deletion information from one of the deletion in- 
formation receiving authentication server. 

The method of claim 6, wherein when the response 
is received from one deletion information non-re- 
ceiving authentication server after re-transmitting 
the deletion information to the deletion information 
non-receiving authentication servers from the dele- 
tion information receiving authentication servers, 
said one deletion information non-receiving authen- 
tication server is deleted from the list of the deletion 
information non-receiving authentication servers at 
the deletion information receiving authentication 
servers. 

The method of claim 4, wherein when there is a reg- 
istration request for a second radio device, the 
method further comprises: 

requesting connections from a registration tar- 
get authentication server which is an authenti- 
cation server for carrying out a registration of 
the second radio device, to other authentication 
servers related to the network; 
establishing a synchronization of information 
regarding the registration of the radio devices 
related to the network, from the registration tar- 
get authentication server to the other authenti- 
cation servers when responses to requests 
from all the other authentication servers are re- 
ceived; 

acquiring registration information which is infor- 
mation of the second radio device at the regis- 
tration target authentication server; 
transmitting the registration information from 
the registration target authentication server to 
the other authentication servers; 
judging whether all the other authentication 
servers have received the registration informa- 
tion at the registration target authentication 
server; 

notifying registration completion from the reg- 
istration target authentication server to all the 
other authentication servers according to 
judgement at the judging step; and 
registering the registration information of the 
second radio device at the registration target 
authentication server and the other authentica- 
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tion servers. 

9. The method of claim 8, wherein when the registra- 
tion target authentication server establishes the 
synchronization of the information regarding the 5 
registration of the radio devices related to the net- 
work to the other authentication servers, the meth- 
od further comprises: 

requesting a transfer of the list of the deletion 10 
information non-receiving authentication serv- 
ers from the registration target authentication 
server to the other authentication servers; 
transmitting the list of the deletion information 
non-receiving authentication servers and the 15 
information of the first radio device from the oth- 
er authentication servers to the registration tar- 
get authentication server in response to re- 
quest; 

transmitting the information of the first radio de- 20 
vice to the deletion information non-receiving 
authentication servers according to the list of 
the deletion information non-receiving authen- 
tication servers transmitted from the other au- 
thentication servers; 25 
deleting the information of the first radio device 
from the registration information of the radio de- 
vices at the deletion information non-receiving 
authentication servers according to the list of 
the deletion information non-receiving authen- 30 
tication servers, according to the information of 
the first radio device transmitted from the reg- 
istration target authentication server, at the de- 
letion information non-receiving authentication 
servers according to the list of the deletion in- 35 
formation non-receiving authentication serv- 
ers; 

transmitting notices of deletion from the dele- 
tion information non-receiving authentication 
servers according to the list of the deletion in- 40 
formation non-receiving authentication servers 
to the registration target authentication server 
of the second radio device after the deletion; 
and 

transmitting a notice of completion of the dele- 45 
tion from the registration target authentication 
serverto the other authentication servers when 
the notices of deletion are received from all the 
deletion information non-receiving authentica- 
tion servers according to the list of the deletion 50 
information non-receiving authentication serv- 
ers. 

10. The method of claim 9, wherein when the registra- 
tion target authentication server establishes the 55 
synchronization of the information regarding the 
registration of the radio devices related to the net- 
work to the other authentication servers and a plu- 



rality of the other authentication servers exist, the 
method further comprises: 

requesting from the registration target authen- 
tication server to each one of the other authen- 
tication servers a transfer of the list of the de- 
letion information non-receiving authentication 
servers; 

transmitting the list of the deletion information 
non-receiving authentication servers and the 
information of the first radio device from each 
one of the other authentication servers to the 
registration target authentication server in re- 
sponse to request; 

transmitting the information of the first radio de- 
vice to the deletion information non-receiving 
authentication servers according to the list of 
the deletion information non-receiving authen- 
tication servers transmitted from each one of 
the other authentication servers; 
deleting the information of the first radio device 
from the registration information of the radio de- 
vices at the deletion information non-receiving 
authentication servers according to the list of 
the deletion information non-receiving authen- 
tication servers, according to the information of 
the first radio device transmitted from the reg- 
istration target authentication server, at the de- 
letion information non-receiving authentication 
servers according to the list of the deletion in- 
formation non-receiving authentication serv- 
ers; 

transmitting notices of deletion from the dele- 
tion information non-receiving authentication 
servers according to the list of the deletion in- 
formation non-receiving authentication servers 
to the registration target authentication server 
of the second radio device after the deletion; 
and 

transmitting a notice of completion of the dele- 
tion from the registration target authentication 
server to each one of the other authentication 
servers when the notices of deletion are re- 
ceived from all the deletion information non-re- 
ceiving authentication servers according to the 
list of the deletion information non-receiving au- 
thentication servers. 

1 1 . An authentication server device for managing a net- 
work of radio devices, comprising: 

a communication unit configured to carry out 
communications with authentication servers re- 
lated to the network; 

a radio device information storing unit config- 
ured to store information of radio devices con- 
nected to the network; 

a radio device information registration unitcon- 
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figured to carry out a registration of information 
regarding a radio device to be connected to the 
network with respect to the radio device infor- 
mation storing unit when it is possible to carry 
out communications with all the authentication 5 
servers; 

a radio device information registration informa- 
tion delivery unit configured to deliver informa- 
tion regarding the registration of a radio device 
to the authentication servers by using the com- 10 
munication unit; 

a deletion unit configured to delete the informa- 
tion of a radio device from the radio device in- 
formation storing unit when a deletion of a radio 
device is to be carried out; and 15 
a radio device deletion information delivery unit 
configured to distribute information regarding 
the deletion of a radio device to the authentica- 
tion servers by using the communication unit. 

20 

12. A computer program productforcausing computers 
that manage a network of radio devices, to carry out 
processings including: 

requesting connections from a registration tar- 25 
get authentication server which is an authenti- 
cation server for carrying out a registration of a 
new radio device, to other authentication serv- 
ers related to the network; 

establishing a synchronization of information 30 
regarding the registration of the radio devices 
related to the network, from the registration tar- 
get authentication server to the other authenti- 
cation servers when responses to requests 
from all the other authentication servers are re- 35 
ceived; 

acquiring registration information which is infor- 
mation of the new radio device related to the 
registration at the registration target authenti- 
cation server; 40 
transmitting the registration information from 
the registration target authentication server to 
the other authentication servers; 
judging whether all the other authentication 
servers have received the registration informa- 45 
tion at the registration target authentication 
server; 

notifying registration completion from the reg- 
istration target authentication server to all the 
other authentication servers according to 50 
judgement at the judging step; and 
registering the registration information of the 
new radio device related to the registration at 
the registration target authentication server 
and the other authentication servers. 55 

13. The computer program product of claim 12, wherein 
the processings also include those in which: 



the registration target authentication server for 
carrying outthe registration of the new radio de- 
vice judges whether or not there is any radio 
device registration in progress in the network 
at a moment before requesting connections to 
the other authentication servers related to the 
network, and 

the registration target authentication server in- 
terrupts a processing for the registration when 
there is a radio device registration in progress 
in the network at the moment. 

14. A computer program productforcausing computers 
that manage a network of radio devices, to carry out 
processings including: 

deleting information of a first radio device to be 
deleted from registration information of the ra- 
dio devices at a deletion accepting authentica- 
tion server which is an authentication server 
that acquired deletion information for deleting 
the information of the first radio device from the 
network; 

transmitting the deletion information from the 
deletion accepting authentication server to oth- 
er authentication servers related to the net- 
work; 

sending a response from a deletion information 
receiving authentication server which is one of 
the other authentication servers that received 
the deletion information, to the deletion accept- 
ing authentication server; 
deleting the information of the first radio device 
from the registration information of the radio de- 
vices according to the deletion information, at 
the deletion information receiving authentica- 
tion server; 

generating a list of deletion information non-re- 
ceiving authentication servers which are au- 
thentication servers that failed to respond, and 
re-transmitting the deletion information to the 
deletion information non-receiving authentica- 
tion servers, at the deletion accepting authen- 
tication server; and 

deleting the information of the first radio device 
from the registration information of the radio de- 
vices at each deletion information non-receiv- 
ing authentication server. 

1 5. The computer program product of claim 1 4, wherein 
the processings include that in which when the re- 
sponse is received from one deletion information 
non-receiving authentication server after re-trans- 
mitting the deletion information to the deletion infor- 
mation non-receiving authentication servers, said 
one deletion information non-receiving authentica- 
tion server is deleted from the list of the deletion in- 
formation non-receiving authentication servers. 
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16. The computer program product of claim 14, wherein 
the processings further include: 

sending the list of the deletion information non- 
receiving authentication servers from the dele- 5 
tion accepting authentication server to the de- 
letion information receiving servers; 
re-transmitting the deletion information to the 
deletion information non-receiving authentica- 
tion servers according to the list of the deletion 10 
information non-receiving authentication serv- 
ers, at the deletion information receiving au- 
thentication servers; and 
deleting the information of the first radio device 
from the registration information of the radio de- 15 
vices at each deletion information non-receiv- 
ing authentication server which received the 
deletion information from one of the deletion in- 
formation receiving authentication server. 

20 

17. The computer program product of claim 16, wherein 
the processings include that in which when the re- 
sponse is received from one deletion information 
non-receiving authentication server after re-trans- 
mitting the deletion information to the deletion infor- 25 
mation non-receiving authentication servers from 

the deletion information receiving authentication 
servers, said one deletion information non-receiv- 
ing authentication server is deleted from the list of 
the deletion information non-receiving authentica- 30 
tion servers at the deletion information receiving au- 
thentication servers. 

18. The computer program product of claim 14, wherein 
when there is a registration request for a second 35 
radio device, the processings further include: 



server; 

notifying registration completion from the reg- 
istration target authentication server to all the 
other authentication servers according to 
judgement at the judging step; and 
registering the registration information of the 
second radio device at the registration target 
authentication server and the other authentica- 
tion servers. 

1 9. The computer program product of claim 1 8, wherein 
when the registration target authentication server 
establishes the synchronization of the information 
regarding the registration of the radio device related 
to the network to the other authentication servers, 
the processings further include: 

requesting a transfer of the list of the deletion 
information non-receiving authentication serv- 
ers from the registration target authentication 
server to the other authentication servers; 
transmitting the list of the deletion information 
non-receiving authentication servers and the 
information of the first radio device from the oth- 
er authentication servers to the registration tar- 
get authentication server in response to re- 
quest; 

transmitting the information of the first radio de- 
vice to the deletion information non-receiving 
authentication servers according to the list of 
the deletion information non-receiving authen- 
tication servers transmitted from the other au- 
thentication servers; 

deleting the information of the first radio device 
from the registration information of the radio de- 
vices at the deletion information non-receiving 
authentication servers according to the list of 
the deletion information non-receiving authen- 
tication servers, according to the information of 
the first radio device transmitted from the reg- 
istration target authentication server, at the de- 
letion information non-receiving authentication 
servers according to the list of the deletion in- 
formation non-receiving authentication serv- 
ers; 

transmitting notices of deletion from the dele- 
tion information non-receiving authentication 
servers according to the list of the deletion in- 
formation non-receiving authentication servers 
to the registration target authentication server 
of the second radio device after the deletion; 
and 

transmitting a notice of completion of the dele- 
tion from the registration target authentication 
server to the other authentication servers when 
the notices of deletion are received from all the 
deletion information non-receiving authentica- 
tion servers according to the list of the deletion 



requesting connections from a registration tar- 
get authentication server which is an authenti- 
cation server for carrying out a registration of 40 
the second radio device, to other authentication 
servers related to the network; 
establishing a synchronization of information 
regarding the registration of the radio devices 
related to the network, from the registration tar- 45 
get authentication server to the other authenti- 
cation servers when responses to requests 
from all the other authentication servers are re- 
ceived; 

acquiring registration information which is infor- 50 
mation of the second radio device at the regis- 
tration target authentication server; 
transmitting the registration information from 
the registration target authentication server to 
the other authentication servers; 55 
judging whether all the other authentication 
servers have received the registration informa- 
tion at the registration target authentication 
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information non-receiving authentication serv- 
ers. 

20. The computer program product of claim 1 9, wherein 
when the registration target authentication server 5 
establishes the synchronization of the information 
regarding the registration of the radio devices relat- 
ed to the network to the other authentication servers 
and a plurality of the other authentication servers 
exist, the processings further include: 10 

requesting from the registration target authen- 
tication server to each one of the other authen- 
tication servers a transfer of the list of the de- 
letion information non-receiving authentication 15 
servers; 

transmitting the list of the deletion information 
non-receiving authentication servers and the 
information of the first radio device from each 
one of the other authentication servers to the 20 
registration target authentication server in re- 
sponse to request; 

transmitting the information of the first radio de- 
vice to the deletion information non-receiving 
authentication servers according to the list of 25 
the deletion information non-receiving authen- 
tication servers transmitted from each one of 
the other authentication servers; 
deleting the information of the first radio device 
from the registration information of the radio de- 30 
vices at the deletion information non-receiving 
authentication servers according to the list of 
the deletion information non-receiving authen- 
tication servers, according to the information of 
the first radio device transmitted from the reg- 35 
istration target authentication server, at the de- 
letion information non-receiving authentication 
servers according to the list of the deletion in- 
formation non-receiving authentication serv- 
ers; 40 
transmitting notices of deletion from the dele- 
tion information non-receiving authentication 
servers according to the list of the deletion in- 
formation non-receiving authentication servers 
to the registration target authentication server 45 
of the second radio device after the deletion; 
and 

transmitting a notice of completion of the dele- 
tion from the registration target authentication 
server to each one of the other authentication 50 
servers when the notices of deletion are re- 
ceived from all the deletion information non-re- 
ceiving authentication servers according to the 
list of the deletion information non-receiving au- 
thentication servers. 55 

21. A carrier medium carrying computer readable in- 
structions for controlling a computer to carry out the 



method of any one of claims 1 to 1 0. 
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FIG. 5A 
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(103a, 103b, 103c, 103d and 103e) is managed by carrying out a radio 
device registration at a registering authentication server (101, 102a, 102b) 
when it is possible to communicate with all the authentication servers (101, 
102a, 102b), distributing registration information to the authentication 
servers (101, 102a, 102b), managing the registration information at each one 
of the authentication servers (101, 102a, 102b), carrying out a radio device 
deletion at a deleting authentication server (101, 102a, 102b), distributing 
deletion information to the authentication servers (101, 102a, 102b), and 
deleting the radio device from the registration information according to the 
deletion information at each one of the authentication servers (101, 102a, 
102b). ? 
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